AWS Security Blog

Category: Security, Identity, & Compliance*

AWS Architecture and Security Recommendations for FedRAMP Compliance

Some of the most common compliance-related requests we receive from our customers are for reference architecture, a template for how to build your infrastructure in the cloud. These requests indicate how some people learn new concepts: reference architecture visualizations can help to clarify subject matter. In order to clarify how you can use AWS functionality […]

Read More

Test Your Managed Policies by Using the Identity and Access Management Policy Simulator

Recently, AWS launched managed policies, which simplify policy management by enabling you to attach a single policy to multiple AWS Identity and Access Management (IAM) entities such as users, groups, and roles. When you update a managed policy, the permissions in that policy apply to every entity to which the managed policy is attached. We […]

Read More

Share Custom Encryption Keys More Securely Between Accounts by Using AWS Key Management Service

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create, control, rotate, and use your encryption keys in your applications. KMS allows you to create custom keys that other AWS Identity and Access Management (IAM) users and roles in your AWS account can use. You can also enable […]

Read More

AWS Security Token Service Is Now Available in Every AWS Region

AWS Security Token Service (STS), which enables your applications to request temporary security credentials, is now available in every AWS region. Previously, STS had only a single endpoint (https://sts.amazonaws.com), but now, there is an endpoint in every AWS region. By bringing STS to a region geographically closer to you, your applications and services can call […]

Read More

An Easier Way to Manage Your Policies

AWS recently announced a new feature of AWS Identity and Access Management (IAM): managed policies. Managed policies enable you to attach a single policy to multiple IAM users, groups, and roles (in this blog post referred to collectively as “IAM entities”). When you update a managed policy, the permissions in that policy apply to every […]

Read More

ENISA Advances Cloud Adoption in Europe

AWS continually monitors how the work of international standards bodies affects how you run your regulated workloads in the cloud. As such, we were pleased to see a recent security-related announcement from the European Union Agency for Network and Information Security (ENISA). ENISA’s announcement addresses one of the most commonly asked questions by AWS customers […]

Read More

How to Receive Alerts When Your IAM Configuration Changes

Note: This post has been updated to support the recently launched managed policies. As an AWS administrator, you want to know when your security configuration changes. Though some changes are expected, you may want to review unexpected changes or changes made by a privileged user. Fortunately, a newly released combination of AWS CloudTrail, Amazon CloudWatch […]

Read More

An Easier Way to Determine the Presence of AWS Account Access Keys

Last month, the AWS Security Blog encouraged you to adhere to AWS Identity and Access Management (IAM) best practices. One of these best practices is to lock away your AWS account (root) access keys and password, and not use them for day-to-day interaction with AWS. In fact, when it comes to your root account access […]

Read More

In Case You Missed These: Some Recent AWS-Related Security Articles

With the steady stream of updates and enhancements for AWS services, it can be easy to miss important information about features related to security. Here are some recent security-related updates and announcements about AWS services that you might not have heard about yet. Customizable security groups and multiple task instances now available for Amazon EMR […]

Read More

AWS Offers Criminal Justice Information Services (CJIS) Workbook

Amazon Web Services (AWS) recognizes that when law enforcement agencies place information in the cloud, they require timely and secure access to that information. AWS architecture provides a highly scalable and reliable platform that enables AWS customers to deploy applications and data quickly and securely in support of a wide variety of security and regulatory […]

Read More